FBI gets expanded hacking powers despite Senate fight

Senate lawmakers failed to delay a rule that will enhance the government’s hacking powers. The change allows the FBI to seek a “universal” warrant to access computers in any jurisdiction. Critics argue the rule threatens the privacy rights of Americans.

The controversial change to Rule 41 of the federal rules of criminal procedure will allow a US judge to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas.

Wyden was joined by Sens. Steve Daines (R-Montana) and Chris Coons (D-Delaware), who took to the floor to either pass or formally vote on three bills to delay or prevent the updates.

“We simply can’t give unlimited power for unlimited hacking,” Daines argued, according to The Hill.

The three senators expressed outrage that no hearing had been held.

The updates to Rule 41 are backed by the Justice Department and have been approved by the Supreme Court.

The Department of Justice had argued that all of the hacking powers described in the rule change are powers the government already had and the only change was the procedure for getting a warrant. They have been pressing for changes for years, arguing it is intended to address two problems raised in modern cyber investigations.

Currently when a suspect uses technical means to disguise their location of their computers, law enforcement can’t determine in which jurisdiction they must apply for a warrant. A “universal” warrant gives investigators wide latitude.

The rule change also pushes back against botnets, a network of hijacked computers that send spam that can flood a target by drowning it in traffic and causing it to malfunction.

Under the rule change, law enforcement can use a single application to apply to hack five or more computers.

Digital and civil liberties advocates argued the new rules create limitless tools for government surveillance. Under the changes, they argue, innocent victims could be swept up under the warrants and agencies could choose to work with sympathetic judges.

The rule change also covers up the Justice Department’s violation of its own rules, and evidence of government overreach.

The FBI had been investigating an alleged child sexually exploitative site, Playpen, which they were able to seize in 2015. Instead of shutting it down, they ran it from a government server for 13 days; however, investigators were unable to see the real IP address of visitors because they typically connected through the Tor network, which protects IP addresses.

Motherboard reported that the FBI then applied for a single warrant to deploy malware where they were able to obtain over 1,000 IP addresses of alleged US-based users. It also later turned out the FBI hacked computers in at least 120 countries from Australia to Chile to Denmark, Greece and Norway. According to court transcripts, the FBI also hacked a “satellite provider.”

In all, the FBI obtained over 8,000 IP address and hacked computers in 120 different countries.

Fourteen court decisions found that warrant was not properly issued pursuant to Rule 41.

“We have never, in our nation’s history as far as I can tell, seen a warrant so utterly sweeping,” Colin Fieman, a federal public defender who is representing several defendants in the affected cases, told Motherboard.